Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Where is the digital signature stored when code signing a exe file in windows?

Tags:

windows

code-signing

winapi

portable-executable

As stated in the question title. However, I am using a "trick" where i store extra data after the executable to be used at runtime (see here).

Signing my executable appears to break this 'trick' however, so my question is where is the signature stored in the exe (PE) file?

I am usingsigntool from microsoft to sign my executable.

like image 908
horseyguy Avatar asked Dec 05 '17 04:12

horseyguy

People also ask

How do I find the signature of an EXE file?

Check the signature on an EXE or MSI file Right-click the EXE or MSI file and select Properties. Click the Digital Signatures tab to check the signature.

Where is digital signature stored?

Click File > Info > View Signatures. In the list, on a signature name, click the down-arrow, and then click Signature Details.

What is digital signature for exe files?

Executable signing certificates, commonly referred to as code signing certificates, are digital files you can use to digitally sign executable files (.exe files). The code signing certificate uses a cryptographic hash that validates the executable file's integrity and authenticity.

How is digital signature stored?

When a signer digitally signs a document, a cryptographic hash is generated for the document. That cryptographic hash is then encrypted using the sender's private key, which is stored in a secure HSM box. It is then appended to the document and sent to the recipients along with the sender's public key.

2 Answers

An embedded digital signature is always appended to the end of the executable file, whether or not you have custom data attached to it. The attached data is included in the hash of the signature.

The location and size of the signature is stored in the security directory of the PE header. Extracting that information goes like this:

  • Locate and read the IMAGE_OPTIONAL_HEADER of the PE file.
  • IMAGE_OPTIONAL_HEADER::DataDirectory is an array of IMAGE_DATA_DIRECTORY structures. Index it by IMAGE_DIRECTORY_ENTRY_SECURITY (undocumented but declared in winnt.h) to locate the entry of the security directory.
  • IMAGE_DATA_DIRECTORY::VirtualAddress contains the file offset (not the RVA) of the signature and IMAGE_DATA_DIRECTORY::Size contains the size of the signature.

References:

  • PE Format (MSDN)
  • Peering inside the PE (somewhat more readable, with examples)
  • IMAGE_DATA_DIRECTORY values
  • The Case of the Missing Digital Signatures Tab
like image 186
zett42 Avatar answered Oct 06 '22 08:10

zett42

The format of a signed PE file is documented by Microsoft:

Windows Authenticode Portable Executable Signature Format [This link downloads a WORD doc]

like image 22
Remy Lebeau Avatar answered Oct 06 '22 09:10

Remy Lebeau
Sign in to Comment

Related questions

Window Icon of Exe in PyQt4
Can anyone suggest a Java or Scala DOS/terminal-based UI framework? [closed]
.NET Mutex on windows platform: What happens to them after I'm done?
Parsing the results of askopenfilenames()?
WPF always on top only for parent
How can I display the "open with" dialog for an unregistered file extension? [duplicate]
allocate more than 1 GB memory on 32 bit XP
Load a DLL from another directory at program start
Linux tools to inspect Windows DLLs
.net File.Copy very slow when copying many small files (not over network)
Finding a Windows user's "true" application data folder?
Pass variable to puppet on commandline
Where is pyvenv script in Python 3 on Windows installed?
How to copy both - HTML and text to the clipboard?
Windows Task Scheduler Doesn't Run VBScript
TypeError constructor returned NULL while importing pyplot in ssh
(UWP) Getting xml files from assets folder
windows pip installing libraries in wrong directory
How do I install Git for Windows software to a specific directory?
Tool simulating RAM usage [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!